SMBs are now making protecting their information their highest IT priority, as opposed to 15 months ago when a high percentage had failed to enact even the most basic safeguards, according to a survey by Symantec.

This shift makes sense as SMBs are facing increased threats from cyber attacks, lost devices and loss of confidential or proprietary data. The survey is based on responses from 2,152 SMB executives and IT decision makers in 28 countries in May 2010.

SMBs surveyed showed a heightened interest and increased investment in information protection. They rank data loss and cyber attacks as their top business risks, ahead of traditional criminal activity, natural disasters and terrorism. SMBs are now spending an average of $51,000 a year, and two thirds of IT staff time working on information protection, including computer security, backup, recovery and archiving as well as disaster preparedness. Eighty-seven percent of SMBs have a disaster preparedness plan, but there is still work to be done as only 23 percent rate their plan pretty good/excellent.

Loss of critical business information threatens SMBs. Seventy-four percent of SMBs surveyed are somewhat/extremely concerned about losing electronic information. In fact, 42 percent have lost confidential or proprietary information in the past. As a result, 100 percent of companies who have lost data have seen direct losses such as lost revenue or direct financial costs such as money or goods.

One of the main issues for SMBs is lost devices. Almost two-thirds of businesses polled have lost devices such as laptops, smartphones or iPads in the past 12 months. One-hundred percent have at least some devices that have no password protection and cannot be remotely wiped of their data to protect their confidential business information if lost.

Cyber attacks are a crucial threat to SMBs. Seventy-three percent of the respondents were victims of cyber attacks in the past year. Thirty percent of those attacks were deemed somewhat/extremely successful. One-hundred percent of SMBs saw losses such as expensive downtime, loss of important corporate data as well as personally identifiable information of customers or employees. These losses led to direct costs for all respondents such as lost productivity, lost revenue and loss of customer trust.

Recommendations

Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security, and the latest threats. Part of the training should focus on the importance of regularly changing passwords and protecting mobile devices.

Safeguard important business information: SMBs are facing increased risks to their confidential information so safeguarding this data is critical. One data breach could mean financial ruin for an SMB. Implement a complete protection solution to ensure proprietary information—whether its credit card information, customer data or employee records—is safe.

Implement an effective backup and recovery plan: Protecting information is more than implementing an antivirus solution. Backup and recovery is a critical component of complete information protection to keep SMBs’ desktops, servers and applications running smoothly in case of disruption—whether it’s a flood, an earthquake, a virus or a system failure. One outage could mean customer dissatisfaction and costly downtime, which could be catastrophic to the business.

Secure email and web assets: Select a mail and Web security solution that can help mitigate spam and email threats so SMBs can protect sensitive information and spend more time on day-to-day activities. Spammers and phishers will use current events and social engineering tactics to get users to give up personal information such as credit card and banking information.

Email Address

Spotlight

Microsoft Edge, the new browser in Windows 10, represents a significant increase in the security over Internet Explorer. However, there are also new potential threat vectors that aren’t present in older versions.

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Sun Tzu's writings have been studied throughout the ages by professional militaries and can used to not only answer the question of whether or not we are in a cyberwar, but how one can fight a cyber-battle.

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.